SQLServerCentral is supported by Red Gate Software Ltd.
 

Land Mines

By Steve Jones, 2008/07/08

I saw this article on the top ten security land mines and thought it was a great summary of problems we face with trying to implement data controls.

The security land mines are a mix of things people do because they're human (send email to the wrong place, give out passwords), and things that IT groups do because their management thinks there are easy ways to solve security problems. And it's a list that I think is pretty good at pointing out some of the dumb things we do. I wouldn't doubt that there might be a few more things to point out.

Most of the security issues that have occurred with lost data lead back to some human error. Someone disregards a rule, acts without thinking, or just makes a mistake and allows a criminal to get access to data or a copy of data. From what I've read over the years, there just aren't very many times a hacker gets into a system without human intervention. Heck, most of the virus spreads I've seen over the years in companies were due to someone clicking where they shouldn't have.

We all break rules constantly. We don't use the strongest passwords we should, we leave them the same too long, we reset a password for a friend over the phone, we copy some data for a salesperson going on a trip, and many more "little white lie" equivalents that are no big deal. And 99.999% of the time, perhaps even more often, nothing happens.

We get complacent, we start to feel invincible, and we think that none of these things will go wrong. But when one does, it can go really, really wrong. My kids always tell me they won't spill grape juice on the couch when I catch them over there with a glass. They're right 99% of the time, but it's the 1% of the time that I worry about.

Security is a hassle. It's annoying, it gets in the way, and slows us down. But many of those rules, most of the time, keep us from stepping on a virtual land mine.

Steve Jones


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are now available at sqlservercentral.podshow.com to get better bandwidth and maybe a little more exposure :). Comments are definitely appreciated and wanted, and you can get feeds from there.

Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.

Steve Jones
Editor, SQLServerCentral.com